name: Fatih Serdar Çakmak
role: SOC Analyst Intern · Computer Engineering Student
focus: [ SOC Operations, Alert Triage, Incident Response, Detection ]
currently: SOC Intern @ Fibabanka (BDDK-regulated banking SOC)
building: [ Tamga - LLM security proxy, MCPRadar - MCP scanner, SOC n8n playbooks ]
education: B.Sc. Computer Engineering @ ITU (expected 2027)
learning: Detection-as-Code · AI/LLM Security · Threat Hunting
philosophy: "Most alerts are noise. The interesting part is the few that aren't."
ask_me_about: [ SIEM, MITRE ATTACK, SOAR, Blue Team, LLM Security, Go, Python ]I'm a Computer Engineering student who spends most of his time inside a SOC. Day to day that means triaging alerts, killing false positives, and tweaking SOAR playbooks so the signal surfaces faster. Mostly I'm learning what incidents actually look like before they reach an analyst, and how much of a working SOC quietly runs on automation.
Off the clock I build security tooling for AI systems: a proxy that sits in front of LLM traffic, a scanner for MCP servers, and n8n playbooks that handle the repetitive half of SOC work. Everything is open source and linked below.
[ Mar 2026 -> Present ] Fibabanka · Cybersecurity Operations (SOC) Intern
└─ SIEM/EDR alert triage · CTI review · incident docs · AI-assisted triage
[ Jul 2025 -> Mar 2026 ] Doğuş Teknoloji · Cybersecurity and Incident Response Intern
└─ SIEM/SOAR/EDR/NDR triage · phishing playbooks · L1 IR · AD and log monitoring
🛡️ Tamga · Self-Hosted LLM Security Proxy
A proxy you host yourself, sitting between your app and the LLM provider (OpenAI, Anthropic, Azure, Vertex). It redacts PII like TC Kimlik and IBAN numbers before they leave your network, blocks leaked secrets, and flags prompt injection. The static scanner is an Aho-Corasick DFA, so scanning a request costs well under a millisecond. There are compliance mappings for KVKK, BDDK, GDPR and PCI-DSS, plus hash-chained audit logs and a Next.js incident dashboard. Go proxy, Python (FastAPI) analyzer. CI runs a 309-prompt adversarial suite on every change.
📡 MCPRadar · Security Scanner for MCP Servers
Checks Model Context Protocol servers for tool poisoning, prompt injection, and supply-chain rug pulls before your agent runs them. Six detection rules cover zero-width Unicode, injection patterns, encoded blobs, hidden HTML/Markdown, permission scope mismatches, and dangerous tool names. Output is SARIF, so findings land in the GitHub Security tab, and SQLite snapshot diffing catches servers that quietly change their schema after you approved them. Runs with uvx mcpradar scan ..., no install needed. Public leaderboard at yatuk.github.io/mcpradar.
⚙️ SOC n8n Workflows · SOC Automation Playbooks for n8n
Ten SOC automation playbooks for n8n: LLM-assisted alert triage, phishing analysis, IOC enrichment, human-approved containment, CVE watch, and reporting. Each workflow is import-ready JSON with no secrets baked in; you wire up credentials on your own instance. The patterns come from things I actually deal with on shift.
🎯 SOC Simulation · SIEM / SOAR / EDR Alert Triage Simulation
A simulated shift as a SOC analyst: 127 alerts, 126 false positives, 1 real threat, 6 coffees. It walks through SIEM/SOAR/EDR triage with MITRE ATT&CK mapping. Finding the one real threat is the easy part. Staying sharp through the 126 alerts before it is not. Live at yatuk.github.io/soc-simulation.
🗄️ WDI Analytics · Full-Stack Data Platform
A platform for exploring World Bank development indicators across six domains (countries, health, emissions, energy, freshwater, sustainability). A Flask blueprint API sits behind a React + TypeScript SPA. Access is role-based (admin / editor / viewer), all SQL is parameterized, and every change is audit-logged. The frontend has Chart.js trends, a Leaflet world map, CSV export, and server-side pagination. Ships with Docker Compose, Alembic migrations, pytest, and CI. Term project for BLG-317E at ITU.
🖥️ Portfolio · fscakmak.com
Terminal-themed personal site built with Astro 5. Boot animation, a SOC-dashboard recruiter view, and bilingual content.
⚡ "Security is a process, not a product." · Bruce Schneier

